Check Point Advisories

Update Protection against Plume CMS manager_path Code Execution Vulnerability

Check Point Reference: CPAI-2006-086
Date Published: 16 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: SecurityTracker Alert ID: 1016165
Industry Reference:CVE-2006-0725
Protection Provided by:
Who is Vulnerable? Plume CMS version 1.0.3
Vulnerability Description Plume CMS is a Content Management System in PHP on top of MySQL. Plume CMS contains a flaw that may allow an attacker with the ability to craft a URL to include and execute arbitrary code on the target system.
Update/Patch AvaliableCurrently there are no known patches available to correct this issue
Vulnerability DetailsThe 'manager/frontinc/prepend.php' script does not properly validate user-supplied input in the 'manager_path' parameter.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.